mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
36,422 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

16 Commits

Author SHA1 Message Date
Lukas Reschke a05b8b7953
Harden cookies more appropriate 
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-23 12:53:44 +01:00
Robin Appelman 4235b18a88
allow passing a stream to StreamResponse 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-16 15:30:36 +01:00
Joas Schilling c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +02:00
Joas Schilling f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie 
Match only for actual session cookie
 2016-08-31 15:59:16 +02:00
Lukas Reschke d50e7ee36c
Remove reading PATH_INFO from server variable 
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
 2016-08-19 14:48:13 +02:00
Roeland Jago Douma 8f3dc0ba43
Remove IE_8 user agent string 2016-08-16 21:01:32 +02:00
Lukas Reschke b53ea18ea5
Match only for actual session cookie 
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
 2016-08-09 19:23:08 +02:00
Morris Jobke 8c7d7d7746 Merge pull request #507 from nextcloud/run-le-script 
Update emails and license headers with latest changes
 2016-07-21 23:27:15 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Roeland Jago Douma e42f2f2650
AppFramework do not get default response 
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.

This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
 2016-07-20 22:05:43 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master 
Fixes https://github.com/nextcloud/server/issues/50
 2016-07-20 18:37:57 +02:00
Joas Schilling b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma eb11ed1851
Make ownCloud work again in php 7.0.6 
See https://bugs.php.net/bug.php?id=72117
 2016-04-28 12:23:17 +02:00
Roeland Jago Douma 1d33a5ef13
Move \OC\AppFramework to PSR-4 
* Also moved the autoloader setup a bit up since we need it in initpaths
 2016-04-22 15:28:09 +02:00